Privacy statement under the EU General Data Protection Regulation

Effective Date: 15.05.2018

This privacy statement applies to Hotel Latinka managed and operated by TOBO-HOTELS LTD. This privacy statement describes how we collect and use the personal data you provide when you stay at our hotel and use our services. It also describes the choices available to you regarding our use of your personal data and how you can access and update this data.

We may amend this privacy statement from time to time, so visit this page regularly to keep abreast of the updates.


The type of personal data we collect

  • The types of personal data that we collect include: Your full name, email address, phone number; Date of birth, nationality, gender, passport information
  • Guest stay information, including date of arrival and departure, room, floor, number of nights you stay, special requests made, observations about your service preferences (including room preferences, facilities or any other services used);
  • Video control – there are four cameras – parking yard, garage entrance, hotel entrance and hotel reception which are controlling the security and the public order. There are warning signs about 24 – hour video control;


Why do we collect, use and share your personal data?

·        Comply with regulatory and legal obligations: We may use your personal data to comply with regulatory and legal obligations. For us, it is mandatory to comply with the Bulgarian legislation and laws such as Bulgarian Tourism Law, Bulgarian Law for Address Registration, Law for the Registration of Foreign Citizens in the Republic of Bulgaria.

·        Fraud detection and prevention: we may use your personal data for the detection and prevention of fraud and other illegal or unwanted activities.

·        Reservations - we use your personal data to complete and administer your reservation and to send you a confirmation email, a pre-arrival email and provide you with data about conditions of your accommodation.

·        Customer service: we use your personal data to provide customer service.

·        Guest reviews: we may use your contact data to invite you by email to write a guest review after your stay. This can help other travelers to choose the accommodation that suits them best.

·        Marketing activities: we also use your data for marketing activities, as permitted by law.

·        Other communications: there may be other times when we get in touch by email, by post, by phone or by texting you, depending on the contact data you share with us. There could be a number of reasons for this:

We may need to respond to and handle requests you have made.

If you have not finalized a reservation, we may email you a reminder to continue with your reservation. We believe that this additional service is useful to you because it allows you to carry on with a reservation without having to search for the accommodation again or fill in all the reservation details from scratch.

·        Improving our services: finally, we use your personal data for analytical purposes, to improve our services, to enhance the user experience, and to improve the functionality and quality of our travel services.


How do we share your personal data with third parties?

We may share your personal data with third parties as set out below

·        Competent authorities: We disclose personal data to law enforcement and other governmental authorities insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud.

·        Third-party service providers: We may use service providers to process your personal data strictly on our behalf. This processing would be for purposes such as POS payments. These processors are bound by confidentiality clauses and are not allowed to use your personal data for their own purposes or any other purpose.


Deletion and Retention of Personal Data

We will retain your personal data for as long as we deem it necessary to provide services to you, comply with applicable laws (including those regarding document retention), resolve disputes with any parties and otherwise as necessary to allow us to conduct our business. All personal data we retain will be subject to this privacy statement.



What security procedures do we have in place to safeguard your personal data?

We use appropriate business systems and procedures to protect and safeguard any personal data given to us. We also use security procedures and technical and physical restrictions for accessing and using the personal information on our servers. Only authorized personnel are permitted to access personal information in the course of their work.


Accessing, updating and removing your personal data:

You may request to have access to your personal data we keep or to have your personal data updated, erased or blocked unless this proves impossible or involves a disproportionate effort. You have may request confirmation as to whether we process your personal data and what that data constitutes.

Where allowed under local law, you may request us to erase your personal data, if one of the following circumstances exist:

·        your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

·        if the processing was based on your consent and if you have withdrawn your consent, your consent has expired, or where there is no longer a legal ground for the processing of your personal data;

·        If the processing is for direct marketing purposes or if you make a justifiable objection ;

·        a court or regulatory authority has ruled that your personal data concerned must be erased;

·        your personal data was unlawfully processed.

We ask you to keep your personal information accurate and up to date. If the personal data we have about you is incorrect, out-of-date or not relevant anymore for the purposes collected, we will update or remove it at your request. We kindly request you to contact  We kindly ask you to write “Request personal information” in the subject line of your email. We will respond to your request within 30 days. However, we may need to retain certain information, for example, for legal or administrative purposes, such

as record keeping or to detect fraudulent activities.


Contact Us

If you have any suggestions, requests or comments about privacy, personal data and how we handle personal information, you can send an email to:


You may also contact your local data protection authority with questions and complaints.